[MART] - Daily Diary #602 - Meet Erbium, a New Information Stealer Malware

ctas-mat at appgate.com ctas-mat at appgate.com
Tue Sep 27 00:14:53 UTC 2022


I hope everyone is doing well!

Below is the entry for today.

09/26/2022 - Diary entry #602:

Erbium is a new information stealer malware distributed as a Malware-As-A-Service (MaaS) and advertised on Russian-speaking hacking forums. Sold initially for $9 per week, Erbium’s price rose in late August, costing $100 per month (or a “promotional” $1000 per year).

Written in C/C++, Erbium provides several functionalities such as enumerating drives, paths, files, and folders, loading additional payloads in memory, collecting system information (including credentials from various software such as web browsers and cryptocurrency wallets), and the ability to steal passwords from password-managing software. The malware sample is protected by an unknown packer and it contains anti-analysis techniques for difficult reverse-engineering and sandboxes.

All the exfiltrated data is sent to a web panel where its operator can get an overview of what has been stolen and it has also an option to send the information to a Telegram account. So far, Erbium has been observed infecting hosts in the USA, France, Colombia, Spain, Italy, India, Vietnam, and Malaysia.

Erbium follows the same business model as other info stealers and MaaS threats, allowing unskilled threat actors to quickly weaponize their operations to conduct their campaigns. The increase in price reflects an increase in the popularity among other threat actors, and therefore we can expect more incidents and updates involving Erbium in the future.

Kind Regards,


[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>


Malware Analysis and Research Team

E: ctas-mat at appgate.com<mailto:ctas-mat at appgate.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220927/aaef9c87/attachment.htm>

More information about the MART mailing list